The present invention relates to an encryption method for SIP messages transferred among a plurality of entities, such as servers and clients, and to an encrypted SIP communication system.
SIP (Session Initiation Protocol) is widely used to establish communications (IP telephony and the like) between two entities (e.g., apparatus, or processes embodied by running software on apparatus) (for the details of SIP, refer for example to IETF RFC 3261, “SIP: Session Initiation Protocol”, June 2002, URL: http://www.ietf.org/rfc/rfc3261.txt, hereinafter called Document 1).
SIP has a mechanism in which a server, called a SIP server, performs the communication establishment process on behalf of the entities (hereinafter called SIP clients).
If a communication message (hereinafter called a SIP message) exchanged between SIP clients and a SIP server is tampered with, the contents of the SIP message may be stolen or altered.
One method of protecting the confidentiality and integrity of a SIP message is to provide an encryption functional module between the SIP functional module, which processes SIP messages, and the communication functional module, which handles communications between SIP clients and a SIP server, and to use the encrypted communication protocol TLS (Transport Layer Security) and the message communication method S/MIME (Secure/Multipurpose Internet Mail Extensions).
TLS is an encrypted communication protocol widely used to protect the confidentiality and integrity of application data transferred in the WWW (World Wide Web) system (for the details of TLS, refer for example to IETF RFC 2246, “The TLS Protocol Version 1.0”, January 1999, URL: http://www.ietf.org/rfc/rfc2246.txt, hereinafter called Document 2).
Before transmitting application data, TLS runs a protocol called the Handshake Protocol, which authenticates the communication partner by means of its public key certificate, negotiates the encryption algorithm to be used for the encrypted communication and the type and parameters of the hash function, and derives the cryptographic key used to encrypt the application data from the results of that negotiation.
S/MIME is an encryption method used mainly for digitally signing and encrypting e-mail (for the details of S/MIME, refer for example to IETF RFC 1847, “Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted”, October 1995, URL: http://www.ietf.org/rfc/rfc1847.txt, hereinafter called Document 3).
S/MIME produces a digital signature on the application data using the private key of the transmission source, and then encrypts the application data together with its digital signature using random numbers as a one-time key. The encrypted application data and the random numbers, themselves encrypted with the public key of the communication destination, are transmitted as one message (for the details of the format of signed and encrypted data, refer for example to IETF RFC 3369, “Cryptographic Message Syntax (CMS)”, August 2002, URL: http://www.ietf.org/rfc/rfc3369.txt, hereinafter called Document 4).